我有知识产权coded到.NET 2.0完全受信任的最终用户的机器，这是我想从被黑客攻击/逆向工程（WebService的/云来保护组件文件（.exe +的DLL） -Computing解决方案不是一个选项）。下面是我收集为了达到这个目标的技术的列表。

I have intellectual-property coded into .net 2.0 fully-trusted assemblies (.exe + DLLs) on an end-user machine, which I would like to protect from being hacked / reverse-engineered (WebService / Cloud-Computing solutions are not an option). Below is a list of techniques I gathered in order to reach this goal.

我的问题是：

是我的假设是否正确，还是我做错事的一种或多种技术？ 为了将这份名单足以prevent恶意攻击，还是有其他的保护措施我要补充？

在此先感谢。

-

推荐技术

登入使用相同的强名称密钥的所有组件这有两个好处： 系统。确保任何修改，汇编将使其无效， 乙。所有组件将具有相同的公钥，通过他们可以互相识别。 Sign all assemblies with the same strong-name key.This has two benefits: A. Make sure any modification to an assembly will render it useless, B. All assemblies will have the same public key, by which they can identify each other. Hallgrim的想法this所以。螺纹。 丹尼尔·布鲁克纳的另外的this所以。螺纹。 在此 .NET安全博客文章 ，它结合了这两种解决方案。 Hallgrim’s idea in this S.O. thread. Daniel Brückner‘s addition in this S.O. thread. This .Net Security Blog Post, which combines both solutions. 在这方面主要是因为有一个.NET程序集没有单一的入口点（如的DllMain（）为Win32 DLL文件）。

需要考虑的要点

在实施部分或全部的上述将最有可能引进的性能损失，所以对时间要求严格的处理，例如，应小心处理。 CAS似乎是无关紧要的这种类型的完全受信任组件。

推荐答案

我怕你不会得到你想要的所有的安全性。你看，这是与使用的itermediate语言，这些语言/平台的问题。它必须是在所有的运行时间实现可以消费，然后生产出本土code格式。

I'm afraid you won't get all the security you want. You see, this is a problem with these languages/platforms that use an itermediate language. It must be in a format that all of the runtimes implementations can consume and then produce the native code.

我已经看到了有关篡改签名的程序集的一些博客文章。我还没有尝试过，但我认为它的工作原理。除此之外，混淆工具只会使困难，但不是不可能提取code（altough有一些pretty的好工具，使它很难）。和NGEN不是该。你还有做分发原组件。

I've seen some blog posts about tampering signed assemblies. I haven't tried yet, but I think it works. Besides that, the obfuscation tools will just make it harder, but not impossible to extract code (altough there are some pretty good tools that make it very hard). And NGEN is not for that. You still have do distribute the original assemblies.

我想保护你的code最efective和安全的方式，是将其移动到您不能反编译技术，例如，将您的敏感code到非托管C ++和使用的DllImport在C＃code。

I think that the most efective and secure way of protect your code, is to move it to a technology that you can't decompile, for example, move your sensitive code to unmanaged C++ and use DLLImport on your C# code.

这并不意味着你不应该试图保护你的code，但你应该记住，你不会是100％的保护。如果你不能重写你的敏感code用另一种语言，去混淆和签名。你不能得到比这更安全。

It doesn't mean that you shouldn't try to protect your code, but you should have in mind that you won't be 100% protected. If you can't afford to rewrite your sensitive code in another language, go with obfuscation and signing. You can't get much more secure than that.